AWS IMDSv2 enforcement
Protect AWS credentials from SSRF vectors by enforcing AWS IMDSv2
Summary
This is a best practice and will save you a ton in response and remediation for SSRF vulnerabilities. The main value is protecting AWS credentials from SSRF vectors, which you are bound to be exposed to at some point. Always do it, assuming the vendor software you run on your servers supports it. Enforce the use of IMDSv2 to mitigate the risk of credential exposure via SSRF.
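One way to audit and enforce this with the AWS CLI, as an added example that is not part of the original page. The function names are hypothetical, and the script assumes credentials allowed to call `ec2:DescribeInstances` and `ec2:ModifyInstanceMetadataOptions`.

```shell
#!/usr/bin/env bash
# Added example: find EC2 instances that still accept IMDSv1 and require IMDSv2.
# Function names are hypothetical; the aws subcommands and flags are the CLI's own.

# Print the IDs of instances in a region whose metadata options leave
# session tokens optional (HttpTokens=optional means IMDSv1 still answers).
list_imdsv1_instances() {
  region="$1"
  aws ec2 describe-instances --region "$region" \
    --filters "Name=metadata-options.http-tokens,Values=optional" \
    --query 'Reservations[].Instances[].InstanceId' --output text
}

# Require session tokens (IMDSv2) on a single instance.
enforce_imdsv2() {
  region="$1"; instance_id="$2"
  aws ec2 modify-instance-metadata-options --region "$region" \
    --instance-id "$instance_id" \
    --http-tokens required --http-endpoint enabled >/dev/null
}

# Report every IMDSv1-capable instance in a region on stderr and print the
# count on stdout. With mode "enforce", also switch each one to IMDSv2.
audit_region() {
  region="$1"; mode="${2:-audit}"; count=0
  for id in $(list_imdsv1_instances "$region"); do
    count=$((count + 1))
    echo "IMDSv1 still allowed: $id ($region)" >&2
    if [ "$mode" = "enforce" ]; then
      enforce_imdsv2 "$region" "$id" && echo "IMDSv2 now required: $id" >&2
    fi
  done
  echo "$count"
}

# Usage: ./imdsv2.sh <region> [audit|enforce]
if [ "$#" -ge 1 ]; then
  audit_region "$1" "${2:-audit}"
fi
```

Run it in `audit` mode first and confirm that the software on each reported instance supports IMDSv2 before switching to `enforce`.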
Applicable To
Always
Resources
EC2
Maturity
Medium
Functions
CSPS
AWS
Author
Will Bengtson
Additional Links